(54) SECURITY MEDIATING METHOD

(57) Abstract:

PROBLEM TO BE SOLVED: To improve usability and to manage security information safely by
letting a general user perform the same operation every time, even when using different
services.
SOLUTION: An acting program 22 which performs security management is incorporated in a
client PC 20, and security policies are downloaded per service to absorb the differences
between the policies. The general user authenticates with a high-safety method (a smart card,
biological authentication, or a combination of a plurality of authenticating methods), and the
acting program then carries out the necessary security processes, such as ciphering 14,
password inputs 11 and 12, and electronic signing 13, for all services on the user's behalf.
Further, a security policy is distributed from a server to the client, and the acting program
guides or forces the setting of a proper password, alteration of the password, key update,
acquisition of a certificate, etc.
* NOTICES *



Japan Patent Office is not responsible for any
damages caused by the use of this translation.

1. This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2. **** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 



CLAIMS 



[Claim(s)] 

[Claim 1] A security vicarious execution approach for performing vicarious execution processing
that carries out security management on the computer of a client, wherein: user authentication
is performed by a smart card, biometrics, or a combination of two or more authentication
approaches; after this user authentication is successful, a security processing vicarious
execution program which absorbs the difference in security policy is started, and the selected
service is accessed; the security processing vicarious execution program downloads a security
policy from the server of the service and checks the security policy; for a setting that needs
modification, the user is guided or the setting is input automatically; and the security
vicarious execution program performs the security processing required by the service
automatically.



[Translation done.] 
DETAILED DESCRIPTION



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to a security vicarious execution approach which
absorbs the difference in security policy between services and can simplify the user's procedure.
[0002] 

[Description of the Prior Art] Conventionally, when using the services offered on the Internet,
the significance of security changes from service to service, so each service needs a different
security policy. Specifically, password strength, the authentication approach, the cipher usage
plan, the key management plan, and so on will differ. Therefore, the general user who receives
the services has to perform different operations and remember different items for every service,
and at present the burden is large.

[0003] Moreover, although cookies have long been used in many cases to realize seamless
authentication across two or more services, depending on the configuration of the service there
could be a security problem. That is, a cookie is used as a mechanism by which a Web server
identifies the user who accesses its site: the user is identified on first access, both the Web
server and the user's web browser save this information, and when the same user next accesses
the same site it is used, for example, to customize the screen and show each user a screen of
their own. However, when the computer which the user uses changes, the cookie information
becomes invalid. There was also the problem that, through the use of cookies, information which
essentially should not be transmitted could be transmitted because of a security hole etc.

[0004] Thus, since the security policy changes with the service, a user may carry a smart card
and deal with each security policy by combining it with a password etc. The smart card stores
the account information required for electronic banking and the information required for
individual authentication, and is used as a means of personal authentication when using a
computer and a network.
[0005] 

[Problem(s) to be Solved by the Invention] Thus, conventionally, since the security policy
changed from service to service when using the various services on the Internet, the user had to
consider each time whether password authentication was required, whether a digital signature
was also required, or whether encryption was required, which was very troublesome.
[0006] The purpose of this invention is therefore to solve these conventional technical problems
and to offer a security vicarious execution approach in which the general user only has to
perform the same operation every time, even when using different services, so that usability can
be raised and security information can be managed safely.
[0007] 

[Means for Solving the Problem] In order to attain the above-mentioned purpose, the security
vicarious execution approach of this invention provides the client side with a vicarious
execution program which performs security management, absorbs the difference in security policy
between services, and simplifies the security procedure asked of a general user. When the
general user performs a high-safety authentication (for example, a smart card, vocal-cords
authentication, or a combination of two or more authentication approaches), the vicarious
execution program executes the required security processing (for example, encryption, password
input, electronic signature, etc.) of all services by proxy. Moreover, for each service, a
security policy is distributed from a server to the client, and the vicarious execution program
guides or forces the processing that is needed (for example, setting a suitable password,
modifying a password, renewing a key, acquiring a certificate, etc.). The program also manages
security information such as these passwords and certificates safely.

[0008] If a vicarious execution program is used, a general user's authentication is unified, but
the security of the whole then depends on the security level of that unified authentication.
Therefore, in this invention, a high-safety authentication (for example, a smart card,
biometrics, or a combination of two or more authentication approaches) is used for the unified
authentication of the general user. Biometrics compares against biological information that only
the person himself can have, and if it matches, the user is confirmed to be that person.
According to this invention, the general user only has to perform the same operation every time,
even when using different services, so usability improves. Moreover, since security information
can be managed safely, a general user's security improves. Moreover, since application of a
security policy can be forced by downloading and applying the security policy, a general user's
security improves.
[0009] 

[Embodiment of the Invention] Hereafter, an example of this invention is explained in detail
with reference to the drawings. Drawing 1 is an explanatory view of a security vicarious
execution program showing the principle of this invention. In drawing 1, 10 is the Internet
service group, 20 is a client PC (personal computer), and 30A is the Internet. Two or more
client PCs 20 are connected to the Internet service group 10 through Internet 30A, and the
drawing shows that the user can use these services from PC20 through Internet 30A.

[0010] Now, as shown in drawing 1, assume there are services A, B, and C in the service group.
The security policy 18 of service A15 needs only the password authentication 11, the security
policy 19 of service B16 needs the password authentication 12 and a digital signature 13, and
security policy 19A of service C17 needs encryption 14.

[0011] Applications 21 (a browser etc.) and the vicarious execution program 22 are built into
the client PC 20. The vicarious execution program 22 in turn stores the elements 23 of the
security policy corresponding to Service A (ID and password), the elements 24 of the security
policy corresponding to Service B (ID, password, public key pair, and digital certificate), and
the elements 25 of the security policy corresponding to Service C (cryptographic key).

[0012] Secure user authentication 20A includes a smart card, biometrics, compound
authentication, etc. This makes it possible to log in to the services collectively. The password
can be made changeable, or a combination of a smart card and a password can be used.

[0013] As examples of differences in security policy, for a password there are differences in
the validity period of the password, the length of the password, the character-set mix of the
password (for example, requiring digits to be mixed with alphabetic characters), etc., and for a
digital signature there are differences in the validity period of the certificate (it is made to
change), the validity period of the key (it is made to change), etc. To name concrete services,
dealings between companies are an example of service A15, which uses only the password
authentication 11. Stock dealings are an example of service B16, which uses the password
authentication 12 and a digital signature 13. Dealings with a bank are an example of service
C17, which uses encryption 14.
[0014] Drawing 14 is the operation flow chart of the security vicarious execution approach of
this invention. If user authentication succeeds by inserting smart card 20A in PC20, the
processing flow of the security processing vicarious execution program advances in the following
order.
(1) Starting of the security processing vicarious execution program (step 101)
(2) Execution of authentication by the security processing vicarious execution program
(3) Access to the service (step 102)
(4) Decision whether the security processing vicarious execution program can be used (step 103)
(5) Download of a security policy from the server of the service (step 104)
[0015] (6) Check of the security policy
(6-1) If there is no setting which must be changed, processing continues without doing anything.
(6-2) If there is a setting which must be changed (for example, since the password has expired,
resetting of the password is needed), the user is made to set it (steps 105, 106).
(6-3) If there is a setting which must be newly set up (for example, since the service is
accessed for the first time, a setup of ID and password is needed), the user is made to set it
(steps 105, 106).

[0016] (7) Access security processing required for service again at automatic activation (step
107) and the Internet [ step 102 ] without return and security.

(8) Once the required security processing is completed, the service is used as usual.
(9) Another service can also be used as it is.
[0017] If the download shows that the security policy has been modified, the program gives
directions about it. That is, when the security policy of Service A, B, or C is modified, a
change notice is usually posted on the homepage or elsewhere, but some users do not look at it,
so the direction is given here. After the user performs the input corresponding to the changed
policy, processing moves to security processing. The usual processing is performed after it.
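
The policy check and automatic processing of steps 104 to 107, sketched as an added example that is not part of the patent text. The class and function names, the setting labels, and the 30-day and 8-character policy values are assumptions made for illustration; the services A, B and C follow paragraph [0010].

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional, Tuple

@dataclass
class Policy:
    """Security policy downloaded from a service's server (step 104)."""
    required: Tuple[str, ...]            # "password", "signature", "encryption"
    max_password_age_days: Optional[int] = None
    min_password_length: int = 0

@dataclass
class Stored:
    """Per-service elements kept by the agent (elements 23 to 25)."""
    user_id: Optional[str] = None
    password: Optional[str] = None
    password_set: Optional[date] = None
    has_signing_key: bool = False        # public key pair and certificate
    has_cipher_key: bool = False

# Constructed policies mirroring services A, B and C of paragraph [0010];
# the 30-day age limit and 8-character minimum are assumed values.
POLICIES = {
    "A": Policy(("password",), 30, 8),
    "B": Policy(("password", "signature"), 30, 8),
    "C": Policy(("encryption",)),
}

def check_policy(policy: Policy, stored: Stored, today: date) -> list:
    """Steps 105-106: list the settings the user must be guided through."""
    needed = []
    if "password" in policy.required:
        if stored.user_id is None or stored.password is None:
            needed.append("set_id_and_password")         # (6-3) first access
        elif len(stored.password) < policy.min_password_length:
            needed.append("change_password:too_short")   # (6-2)
        elif policy.max_password_age_days is not None and (
                stored.password_set is None
                or today - stored.password_set
                > timedelta(days=policy.max_password_age_days)):
            needed.append("change_password:expired")     # (6-2)
    if "signature" in policy.required and not stored.has_signing_key:
        needed.append("acquire_key_and_certificate")
    if "encryption" in policy.required and not stored.has_cipher_key:
        needed.append("acquire_cipher_key")
    return needed

def access_service(user_authenticated: bool, service: str,
                   stored: Stored, today: date):
    """Return ("denied", []), ("guide", settings) or ("run", operations)."""
    if not user_authenticated:     # smart card / biometric check comes first
        return ("denied", [])
    policy = POLICIES[service]     # stands in for the download in step 104
    needed = check_policy(policy, stored, today)
    if needed:
        return ("guide", needed)   # user is guided or forced to fix these
    return ("run", list(policy.required))   # step 107: done automatically
```

Because every service is unlocked by the single user authentication, the `user_authenticated` gate is the point whose strength bounds the whole scheme, which is the concern paragraph [0008] raises.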

[0018] Drawing 2 - drawing 13 are the screen transition diagrams for the case of carrying out
this invention. Drawing 2 is the screen figure of a log in to the security processing vicarious
execution program. First, Screen 30 of drawing 2 is displayed, which shows that the security
processing vicarious execution program is running, and the user inserts an IC card (smart card
etc.) according to the direction "insert an IC card."

[0019] Drawing 3 is the screen figure of a log in to the security processing vicarious execution
program. Since Screen 31 of drawing 3 is displayed when the IC card is inserted, the user enters
a password into the input column according to the direction "enter a password."

[0020] Drawing 4 is the screen figure of a successful authentication to the security processing
vicarious execution program. Screen 32 of drawing 4 is displayed as a result of the password
input. Since it displays "Authentication succeeded! All of the corresponding security processing
from here on is executed by proxy", the user knows that no further operation is necessary.

[0021] Drawing 5 is the screen figure of starting to use a new service. Next, when a bank-related
service is specified, "Ox bank online banking" and "this service supports the security processing
vicarious execution program" are displayed. Even if the user operates nothing, the operation
which the security vicarious execution program is currently performing is displayed at the bottom
of Screen 33. At present, "To check a security policy." is displayed.

[0022] Drawing 6 is the screen figure of the security policy download. Following the check of the
security policy, "security policy - under download" is displayed in the lower part of this
screen 34.
[0023] Drawing 7 is the screen figure of a check of the security policy. When there is no
modification of the security policy, authentication is performed immediately by performing the
input corresponding to the condition; the case shown here is one where the policy has been
modified. As a result of the check, the display "The security policy specifies a term of one
month for this password. Since the password has expired, please set up a new one" is made. The
user therefore enters a new password into the input column and enters it again in the reinput
column. "Under security setting activation" is now displayed at the bottom of Screen 35.

[0024] Drawing 8 is the screen figure of the security setup of a new service. Since the security
policy check results in the display "ID and a password need to be set up to use this service.
Please set up.", the user enters an ID into the ID input column of Screen 36 and a password into
the password input column. When reinput is needed, it is entered into the reinput column. "Under
new security setting activation" is displayed at the bottom of Screen 36.

[0025] Drawing 9 is a screen figure in which authentication to the service is executed
automatically. Once a password, or an ID and a password, has been set up, the security vicarious
execution program performs authentication to the service automatically. "Under authentication
activation" is displayed at the bottom of Screen 37.
[0026] Drawing 10 is the screen figure of a successful log in to the service. When authentication
succeeds, the log in to the service, in this case Ox bank, is performed. "Mr. *****'s account
menu" is displayed, together with a screen for choosing one of account balance authentication,
transfer, or log out. Moreover, at the bottom of Screen 38, it indicates "it carried out an
authentication success."

[0027] Drawing 11 is a screen figure for the use of another service in this invention. Here,
download of the security policy in the case of a stock dealing is **********. "Uneven security
online" and "this service supporting the security processing vicarious execution program" are
displayed on Screen 39, and "security policy - under download" is displayed in the lower part of
the screen.
[0028] Drawing 12 is a screen figure in which authentication is executed automatically,
following the screen of drawing 11. After the security processing vicarious execution program
downloads the security policy automatically in drawing 11, authentication is executed
automatically on this screen 40. "Under authentication automatic activation" is displayed at the
bottom of Screen 40.
[0029] Drawing 13 is a screen figure for when authentication is successful, following the screen
of drawing 12. When authentication is successful, Mr. *****'s exclusive page is displayed,
together with a screen prompting the selection of an account check or investment service. At the
bottom of Screen 41, it indicates "it carried out an authentication success." After this, the
user checks the account, consults about investment, or conducts whatever dealings meet the
purpose.

[0030] The processing flow of the security processing vicarious execution program shown in
drawing 14 is implemented as a program, and the program is stored on a record medium such as a
CD-ROM. If the record medium is loaded into an arbitrary PC and the program is installed on the
PC and executed, the security processing vicarious execution of this invention can be realized
easily.
[0031] 

[Effect of the Invention] As explained above, according to this invention the general user only
has to perform the same operation every time, even when using different services, which has the
effect of improving usability. Moreover, security information can be managed safely, and since
application of a security policy is forced by downloading and applying the security policy, a
general user's security is improved.


